Lucene search
K

12 matches found

NVD
NVD
added 2026/06/22 2:17 p.m.8 views

CVE-2026-56424

MISP core contained multiple broken access-control flaws where authorization checks were performed against the wrong entity, or where ownership/editability checks were missing on write paths. In affected subsystems, a lower-privileged authenticated user with the relevant feature permission could...

8.8CVSS0.00361EPSS
Exploits0References5
NVD
NVD
added 2026/06/22 2:17 p.m.12 views

CVE-2026-56423

MISP Core contained broken access-control checks in the bulk deletion flows for Event Reports and Sharing Groups. The affected deleteSelection handlers authorized deletion using broad role-level permissions instead of validating authorization for each selected object. For Event Reports,...

9.4CVSS0.00261EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/22 12:17 p.m.9 views

EUVD-2026-38227

MISP core contained multiple broken access-control flaws where authorization checks were performed against the wrong entity, or where ownership/editability checks were missing on write paths. In affected subsystems, a lower-privileged authenticated user with the relevant feature permission could...

7.1CVSS5.9AI score0.00361EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/22 12:17 p.m.5 views

CVE-2026-56424

MISP core contained multiple broken access-control flaws where authorization checks were performed against the wrong entity, or where ownership/editability checks were missing on write paths. In affected subsystems, a lower-privileged authenticated user with the relevant feature permission could...

7.1CVSS5.9AI score0.00361EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/22 12:17 p.m.32 views

CVE-2026-56424 Broken access control in MISP core allows cross-organization unauthorized modification or deletion of analyst data, event reports, collections, templates, and decaying models

MISP core contained multiple broken access-control flaws where authorization checks were performed against the wrong entity, or where ownership/editability checks were missing on write paths. In affected subsystems, a lower-privileged authenticated user with the relevant feature permission could...

7.1CVSS0.00361EPSS
Exploits0References5
CVE
CVE
added 2026/06/22 12:17 p.m.15 views

CVE-2026-56424

CVE-2026-56424 affects MISP core and describes multiple broken access-control flaws where authorization checks target the wrong entity or where ownership checks are missing on write paths. In affected subsystems, a lower-privileged authenticated user with relevant feature permissions could cause ...

8.8CVSS5.9AI score0.00361EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/22 11:56 a.m.4 views

CVE-2026-56423

MISP Core contained broken access-control checks in the bulk deletion flows for Event Reports and Sharing Groups. The affected deleteSelection handlers authorized deletion using broad role-level permissions instead of validating authorization for each selected object. For Event Reports,...

9.4CVSS6AI score0.00261EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/06/22 11:56 a.m.30 views

CVE-2026-56423 MISP Core: Broken access control allows instance-wide unauthorized deletion of event reports and sharing groups via bulk deletion endpoints

MISP Core contained broken access-control checks in the bulk deletion flows for Event Reports and Sharing Groups. The affected deleteSelection handlers authorized deletion using broad role-level permissions instead of validating authorization for each selected object. For Event Reports,...

9.4CVSS0.00261EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/22 11:56 a.m.9 views

EUVD-2026-38226

MISP Core contained broken access-control checks in the bulk deletion flows for Event Reports and Sharing Groups. The affected deleteSelection handlers authorized deletion using broad role-level permissions instead of validating authorization for each selected object. For Event Reports,...

9.4CVSS6AI score0.00261EPSS
Exploits1References2
CVE
CVE
added 2026/06/22 11:56 a.m.23 views

CVE-2026-56423

Summary: CVE-2026-56423 affects MISP Core where bulk deletion (Event Reports and Sharing Groups) used broad role permissions instead of per-object authorization checks, enabling instance-wide deletions by eligible users. What was vulnerable: EventReportsController::deleteSelection relied on the g...

9.4CVSS6AI score0.00261EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.17 views

PT-2026-51307

Name of the Vulnerable Software and Affected Versions MISP Core affected versions not specified Description Broken access-control checks exist in the bulk deletion flows for Event Reports and Sharing Groups. The deleteSelection handlers authorized deletions using broad role-level permissions...

9.4CVSS5.8AI score0.00261EPSS
Exploits1References9
CVE
CVE
added 2026/03/09 12:10 p.m.20 views

CVE-2026-2261

The CVE-2026-2261 issue affects blocklistd where a programming error leaks a socket descriptor per adverse event, eventually exhausting file descriptors. After a moderate number of leaks, the process cannot run the helper script because a forked child dereferences a null pointer and crashes, prev...

7.5CVSS5.8AI score0.00359EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder